Vulnerability in Intel processors

Joanna Rutkowska has discovered a buffer overflow vulnerability in the SINIT Authenticated Code Modules of recent Intel processors, which allows arbitrary code execution:
http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html

Advisory from Intel:
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr

 

how is that possible

question how a processor could have a vulnerability ??

 

For a long time CPUs have handled DEP - ie: Hardware DEP. You need software support but it's built in.

Just as encryption can be built into a hard drive.

There are a lot of security implementations, ROM code, etc built right onto your hardware.

Errors in implementation and design exist in the hardware just as they do in the software.

 

i remember some of Athlon old CPU used to have
"antivirus feature " written on the outside of the Box

anyway i think that's a bit technical but
how is a CPU going to Prevent Data execution
on infected system

if a Malware Run on the system it will run whether a cpu like that or not
or whether we like that or not
the cpu job all has to do is to crunch data :/ so
how is that possible

sorry for asking but i didn't understand what has the cpu to do with
antivirus software

 

Data Execution Prevention (DEP) does not stop programs or malware from running. It provides (hardware) support to create executable and nonexecutable address space in memory.

This doesn't stop malware necessarily but it makes exploits a lot harder. If I exploit a program with DEP I can't just load whatever I like into memory and run my malware because the address space isn't executable.

There are ways around this (return oriented programming) but in conjunction with other methods it is very effective at preventing exploits.

 

thanks for the info
Hungry Man